The Evolution of Cybersecurity Requirements for the U.S. Financial Industry

The U.S. financial sector is a major target for global cybercriminals. Cybercrime is a growing industry around the world, imposing significant costs on firms that fail to implement adequate safeguards. Regulators are taking notice of the increased risk of cyber threats. While statutes and regulations in the financial sector have not directly addressed cybersecurity, many impose implicit requirements on firms to secure their information technology (IT) systems in the name of operational assurance, data protection, and accurate reporting. To demonstrate compliance with this complex web of requirements, firms have turned to standards frameworks that outline effective cybersecurity systems and best practices. This report discusses the rules and frameworks that have shaped the cybersecurity standards employed by major financial institutions in the United States.

Denise E. Zheng

Former Senior Associate (Non-resident), Strategic Technologies Program
William A. Carter
Senior Associate (Non-resident), Wadhwani Center for AI and Advanced Technologies